[Security] Some things to do by Brasstax - TribalWar Forums
Page 1 of 2
Brasstax
1 - 07-22-2021, 21:25
TW:

The world is full of shenanigans right now. Here are some things that you SHOULD do.

1) Go here to do a basic router check
F-Secure Router Checker - Is your Internet connection safe? | F-Secure
2) Go here and check your e-mail address(es)
https://haveibeenpwned.com/
3) Update your OS / Security patches
4) Run a decent AV package like

Free:
Download Free Antivirus and Web Scanner | Sophos Home

Malwarebytes Cybersecurity for Home and Business | Malwarebytes

AVG 2021 | FREE Antivirus, VPN & TuneUp for All Your Devices

Although the free Microsoft software has gotten better, do yourself a favor and get protection from malicious websites.

Change your passwords on occasion.
Do not use the same account name, e-mail addresses and passwords across sites.

Upgrade your firewall/router/wireless system. Look for something that has "stealth" mode for your wireless.
Look into creating an ACL for your internal network. Change vendor supplied accounts/PWs. Turn off any sort of outside web management. Make a little DMZ for your pals/guests that is totally segregated from your home network.

You know, all the basic **** you should already be doing.

OK - now onto some current advice.

1) PRINTNIGHTMARE - Turn off your Windows Print Spooler service if you aren't using it. You will find out if you are, but there is likely no reason to use it if you don't have a printer attached. Even if you do, you are unlikely to be sharing it. If you are, make sure you are patching ASAP.


2) HIVENIGHTMARE - New. No patch.
To see if your computer is susceptible to the flaw, CERT suggests opening a command prompt and typing the following:
Code:
icacls %windir%\system32\config\sam
If the output includes an entry for
Code:
 BUILTIN\Users:(I)(RX)
then your system is vulnerable.


Quote:
No patch is yet available for this flaw, prompting Microsoft and CERT to suggest the following workarounds for any individual or organization worried about this hole being exploited.

Open a Command Prompt as an administrator. Type the following command:
Code:
 icacls %windir%\system32\config\*.* /inheritance:e
Delete any System Restore points and Shadow volumes that you created before restricting access to %windir%\system32\config. To delete the shadow volumes, type the following command:
Code:
vssadmin delete shadows /for=c: /Quiet
Finally, create a new System Restore point (if desired).
Here is the link to info on icacls
icacls | Microsoft Docs

Anyway - this is not meant to be a fix everything thread. It is just a couple of things you can do to keep your system safer and to see if you have already been compromised.

Ad blockers can really help as well since some malware is being delivered directly through ads.

Here is a password stealer "MosaicLoader" that is delivered through paid search results...

Password-stealing Windows malware spreads via ads in search results | TechRadar

Even Linux has a newly identified flaw:
Two-for-Tuesday vulnerabilities send Windows and Linux users scrambling | Ars Technica

Anyway - good luck. Getting ugly.
 
Last edited by Brasstax; 07-22-2021 at 21:47..
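
The HiveNightmare check and workaround from the post above, folded into one PowerShell script. This is an added example, not code from the original post and not from CERT or Microsoft. It reads the DACL on SAM, SECURITY and SYSTEM the same way icacls does, lists the shadow copies (the live hive files are locked by the kernel, so an attacker reads an old copy of the hive out of a shadow snapshot, which carries the same permissive ACL; with no shadow copies the bad ACL is much less useful), and only runs the icacls/vssadmin workaround when you pass -Fix from an elevated prompt. The -Fix switch, the function name and the output text are mine; the two fix commands are exactly the ones quoted above.

```powershell
# Added example (not from the original post, CERT or Microsoft): triage for the
# HiveNightmare condition. Run unelevated to see what a standard user sees, then
# elevated with -Fix to apply the workaround quoted in the post.
[CmdletBinding()]
param([switch]$Fix)

$configDir = Join-Path $env:windir 'system32\config'
$hives = 'SAM', 'SECURITY', 'SYSTEM' | ForEach-Object { Join-Path $configDir $_ }

function Test-HiveExposed {
    param([string]$Path)
    # Reading the DACL only needs READ_CONTROL, not share access, which is why this
    # (and icacls) works even though the kernel keeps the hive file open.
    try { $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop }
    catch {
        # A standard user being refused READ_CONTROL is the expected state on a
        # fixed system (no BUILTIN\Users entry at all), so treat it as not exposed.
        Write-Verbose "$Path : $($_.Exception.Message)"
        return $false
    }
    $readData = [System.Security.AccessControl.FileSystemRights]::ReadData
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -eq 'Allow' -and
            $ace.IdentityReference.Value -eq 'BUILTIN\Users' -and
            (($ace.FileSystemRights -band $readData) -eq $readData)) {
            return $true
        }
    }
    return $false
}

$exposed = @()
foreach ($h in $hives) {
    $bad = Test-HiveExposed -Path $h
    '{0,-45} {1}' -f $h, $(if ($bad) { 'EXPOSED: BUILTIN\Users can read' } else { 'ok' })
    if ($bad) { $exposed += $h }
}

# Shadow copies are what make the exposed ACL exploitable: the SAM inside an older
# snapshot has the same ACL and is not locked. An unelevated query may be denied,
# so a count of 0 here is only trustworthy from an elevated prompt.
$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue)
"Shadow copies present: $($shadows.Count)"
$shadows | ForEach-Object { '  {0}  {1}' -f $_.InstallDate, $_.DeviceObject }

if ($exposed.Count -eq 0) { 'No hive is readable by BUILTIN\Users; nothing to fix.'; return }
if (-not $Fix) { 'Re-run as administrator with -Fix to apply the Microsoft workaround.'; return }

$isAdmin = ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
           ).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
if (-not $isAdmin) { throw 'The fix needs an elevated prompt.' }

# Same two commands as the workaround quoted in the post: re-enable ACL inheritance
# on the config directory contents, then drop the shadow copies that still hold
# readable hives.
& icacls.exe "$configDir\*.*" /inheritance:e
& vssadmin.exe delete shadows /for=$($env:SystemDrive) /Quiet
'Workaround applied. Create a fresh restore point if you rely on System Restore.'
```

The deletion of shadow copies is the part that stings: it also removes the restore points you may want later, which is why the script refuses to do anything destructive without -Fix and an elevated token, and why the post says to make a new restore point afterwards.
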
clu
2 - 07-22-2021, 21:29
mimi (ms katz) sounding pretty hot ngl
 
Data
3 - 07-22-2021, 21:56
Test Your Router - RouterSecurity.org
 
groove
4 - 07-22-2021, 22:09
nuke ur shadowcopies from orbit

its the only way 2 b sure
 
Brasstax
5 - 07-22-2021, 22:10
Quote:
Originally Posted by Data View Post
Test Your Router - RouterSecurity.org
Steve Gibson is an amazing cat.
He is responsible for one of my favorite pieces of internet history.

They still have the PDF at Stanford...
https://web.stanford.edu/class/msand...ek1/grcdos.pdf

Hilarious and a harbinger.
 
DMAUL
6 - 07-22-2021, 23:05
Defender is actually really good now. I wouldn't bother running anything else. Microsoft has a huge advantage over other companies in the space because every windows machine reports on the files that are seen. So the intel teams at Microsoft have a treasure trove of data about end user threats.

Use a password manager. Can't reuse passwords if you aren't generating them yourself.

Keep offline backups or cloud backups of your important ****.

Use uBlock Origin and NoScript, if you can put up with it during the initial learning phase for new sites.

Use MFA everywhere, physical keys like yubikey for extremely important accounts (Gmail) and otp code generators for everything that supports it. Don't rely on SMS unless that's the only choice.

Keep your stuff updated, especially apps like VLC where you load third party content.
 
Edofnor
7 - 07-22-2021, 23:14
wow thanx 4 the phishing linkage u boomber bot

btw u can't touch me b/c i'm lunix
 
Brasstax
8 - 07-22-2021, 23:46
Read the "Two-for-Tuesday" link above for a new Linux exploit. Pretty creative. If you ever tried to make that big of a file system tree in Windows it would explode.

Gist
Quote:
1/ We mkdir() a deep directory structure (roughly 1M nested directories) whose total path length exceeds 1GB, we bind-mount it in an unprivileged user namespace, and rmdir() it.

2/ We create a thread that vmalloc()ates a small eBPF program (via BPF_PROG_LOAD), and we block this thread (via userfaultfd or FUSE) after our eBPF program has been validated by the kernel eBPF verifier but before it is JIT-compiled by the kernel.

3/ We open() /proc/self/mountinfo in our unprivileged user namespace and start read()ing the long path of our bind-mounted directory, thereby writing the string "//deleted" to an offset of exactly -2GB-10B below the beginning of a vmalloc()ated buffer.

4/ We arrange for this "//deleted" string to overwrite an instruction of our validated eBPF program (and therefore nullify the security checks of the kernel eBPF verifier) and transform this uncontrolled out-of-bounds write into an information disclosure and into a limited but controlled out-of-bounds write.

5/ We transform this limited out-of-bounds write into an arbitrary read and write of kernel memory by reusing Manfred Paul's beautiful btf and map_push_elem techniques from:

https://www.thezdi.com/blog/2020/4/8...m-verification
Takes about 3 minutes. Not bad, actually.
 
Plasmatic
9 - 07-22-2021, 23:51
Remember when some annihilation guys sent everyone to meatspin using an exploit I found in Tribes? I member.
 
Brasstax
10 - 07-23-2021, 00:07
Hmm. That sounds special and lolworthy
 
DMAUL
11 - 07-23-2021, 00:21
Quote:
Originally Posted by Brasstax View Post
Read the "Two-for-Tuesday" link above for a new Linux exploit. Pretty creative. If you ever tried to make that big of a file system tree in Windows it would explode.

Gist


Takes about 3 minutes. Not bad, actually.
Seems like the first part probably came from fuzzing
 
Plasmatic
12 - 07-23-2021, 00:55
Quote:
Originally Posted by Data View Post
Test Your Router - RouterSecurity.org
I run a Pepwave Surf Soho MK3 because of that page
Pepwave Surf SOHO Router
Firmware 8 can eat a dick though.
 
Plasmatic
13 - 07-23-2021, 15:31
Quote:
Originally Posted by Brasstax View Post
Steve Gibson is an amazing cat.
He is responsible for one of my favorite pieces of internet history.

They still have the PDF at Stanford...
https://web.stanford.edu/class/msand...ek1/grcdos.pdf

Hilarious and a harbinger.
That was a good read. rep++
 
DocHolliday
14 - 07-23-2021, 15:38
I'm behind a NAT. Don't have a public facing IP.
 
Brasstax
15 - 07-23-2021, 21:02
The amount of **** that comes inside via a click, an ad, an updater, an e-mail is off the hook. So, while having a solid perimeter is a great start, you have to watch what you let inside to poke around. They use **** like Cobalt Strike on the inside to see what else is visible and have at it. In some ways, the bad guys are getting more sophisticated than the good guys. It is the time of the black hats.

Also, Doc - some of these exploits just take control of the device that is giving you your NAT.
 
DMAUL
16 - 07-23-2021, 23:45
There's certainly additional vulnerability to not monitoring your egress. Things like Cobalt Strike are not difficult to spot if you are monitoring what your users are normally doing. There have been some clever C2s, like the Microsoft MSDN comment pages, that are really difficult to catch. Domain fronting is another technique that pretty much has no solution. Luckily most malware is not proxy aware... for now....

EDRs are advertised as the ultimate defense, but they're not that airtight. If you're trusting your EDR to tell the truth, you better be double-checking with another solution as well. They all hook standard library API calls; what happens when the malware chooses not to use them?
 
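
An added example to go with the point about egress monitoring above; it is not code from the post. It is a small PowerShell beacon finder run over a handful of constructed proxy log lines. The log format (timestamp, client, destination, port, bytes), the host names and the numbers are made up for the example, and the function name and thresholds are mine. The idea is the one the post relies on: a beacon calls home to one destination at a nearly fixed interval, so per (client, destination) the gaps between connections have a low standard deviation relative to their mean, while a person browsing produces gaps that are all over the place.

```powershell
# Added example, not from the post. Constructed proxy log: time client dest port bytes.
# cdn.example.net is the planted "beacon" (every ~60 s, same small size); the other
# destinations are ordinary browsing. All hosts and values are made up.
$log = @'
2021-07-23T10:00:00 10.0.0.15 cdn.example.net 443 1204
2021-07-23T10:00:07 10.0.0.15 news.example.org 443 88123
2021-07-23T10:01:00 10.0.0.15 cdn.example.net 443 1198
2021-07-23T10:01:31 10.0.0.15 news.example.org 443 2314
2021-07-23T10:02:01 10.0.0.15 cdn.example.net 443 1210
2021-07-23T10:03:00 10.0.0.15 cdn.example.net 443 1187
2021-07-23T10:03:45 10.0.0.15 mail.example.org 443 45000
2021-07-23T10:04:00 10.0.0.15 cdn.example.net 443 1203
2021-07-23T10:05:01 10.0.0.15 cdn.example.net 443 1195
2021-07-23T10:05:20 10.0.0.15 news.example.org 443 1201
'@

function Find-Beacons {
    param(
        [string[]]$Lines,
        [int]$MinHits = 5,                 # ignore pairs seen fewer times than this
        [double]$MaxJitterRatio = 0.15     # std-dev of gaps divided by mean gap
    )
    # Parse each line into an object; lines that do not match the format are skipped.
    $events = foreach ($l in $Lines) {
        if ($l -notmatch '^\s*(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s+(\d+)') { continue }
        [pscustomobject]@{
            Time  = [datetime]::ParseExact($Matches[1], "yyyy-MM-dd'T'HH:mm:ss",
                                           [cultureinfo]::InvariantCulture)
            Src   = $Matches[2]
            Dst   = $Matches[3]
            Bytes = [int]$Matches[5]
        }
    }
    # One group per (client, destination); periodicity is a property of the pair.
    foreach ($g in ($events | Group-Object Src, Dst)) {
        if ($g.Count -lt $MinHits) { continue }
        $times = $g.Group | Sort-Object Time | ForEach-Object { $_.Time }
        $gaps  = for ($i = 1; $i -lt $times.Count; $i++) {
            ($times[$i] - $times[$i - 1]).TotalSeconds
        }
        $mean   = ($gaps | Measure-Object -Average).Average
        $var    = ($gaps | ForEach-Object { ($_ - $mean) * ($_ - $mean) } |
                   Measure-Object -Average).Average
        $jitter = [math]::Sqrt($var) / $mean
        $bytes  = ($g.Group | Measure-Object Bytes -Average).Average
        if ($jitter -le $MaxJitterRatio) {
            [pscustomobject]@{
                Src         = $g.Group[0].Src
                Dst         = $g.Group[0].Dst
                Hits        = $g.Count
                MeanGapSec  = [math]::Round($mean, 1)
                JitterRatio = [math]::Round($jitter, 3)
                AvgBytes    = [math]::Round($bytes)
            }
        }
    }
}

# On the constructed log only the cdn.example.net pair survives: six hits with
# gaps of 59-61 seconds and a jitter ratio around 0.01.
Find-Beacons -Lines ($log -split '\r?\n') | Format-Table -AutoSize
```

The 15% jitter threshold is a starting point, not a rule: Cobalt Strike lets the operator add a large amount of jitter to the sleep, so against a careful operator you lean more on the other signals this baseline gives you (a single destination hit hundreds of times a day by one host, near-constant response sizes, a domain nobody else on the network talks to) than on the interval alone. Domain fronting, which the post mentions, would hide the real destination behind a CDN host name, but the timing pattern survives because it is the implant's, not the CDN's.
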
Plasmatic
17 - 07-23-2021, 23:47
Mr Robot taught me to use mint linux. Am leet hax0r now
 
haniblecter
18 - 07-25-2021, 04:16
I work at a Credit Union.

This lady calls in; she's had money stolen from her bank accounts several times in the last 6 months through people creating PayPal, Venmo, and other accounts.

I ask her, do you use unique passwords across the internet?

"No, been the same password everywhere for decades"
 
Brasstax
19 - 07-25-2021, 04:25
 
clu
20 - 07-25-2021, 04:34
ya i heard something about that MSDN ****. just searching for IT related **** puts you on a radar somewhere.
 